WEB APPLICATION VULNERABILITIES Standard & Premium

ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-8143)

Description

An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-26227)

WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.17)

WordPress Plugin Community by PeepSo-Social Network, Membership, Registration, User Profiles Multiple Cross-Site Request Forgery Vulnerabilities (6.0.2.0)

Severity

Medium

Classification

CVE-2020-8143 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities